Yubico Forum
https://forum.yubico.com/

Cannot use UDF
https://forum.yubico.com/viewtopic.php?f=33&t=1569
Page 1 of 1

Author:  msesma [ Fri Oct 31, 2014 11:26 pm ]
Post subject:  Cannot use UDF

I have tried the demo http://demo.yubico.com/start/u2f/neo . Once installed the extension and entered an username and pass, next, the extensions ask me to allow sharing the Key. Ok... But the key doesn't blink and although I touch it nothing happens.

In Chrome, account security, second factor, register key, almost the same: Button register, insert key touch button, nothing happens.

The key is new, Yubikey Personalization Tool 3.1.17 says it is a Fido ready, 3.3.0 with slot 1 configured. I have not touched the factory configuration.

Tested in two computers, in the first one on three USB (2x2.0, 1x3.0) and one with two usb (2.0 and 3.0) with the same result.

What can I do to use UDF? Thanks

Author:  niekie [ Sat Nov 01, 2014 9:32 am ]
Post subject:  Re: Cannot use UDF

Hello,

FIDO/U2F support can be enabled on the Yubikey NEO by following the guide at: https://www.yubico.com/wp-content/uploads/2014/10/How-to-unlock-U2F-on-your-YubiKey-NEO.pdf
By default, U2F support on the Yubikey NEO is currently disabled, and enabling U2F support will currently disable Yubikey OTP support. In the future, support for having both the U2F and OTP modes enabled at the same time may be added to the NEO manager (at the moment, such a state is achievable only through command line tools, and should be done with caution. Furthermore, only the latest Chrome beta will support a Yubikey with both OTP(, CCID) and U2F enabled, currently). Please note that changing the modes of the NEO should be done with caution, as it will change the way the device behaves.

Author:  msesma [ Sat Nov 01, 2014 1:23 pm ]
Post subject:  Re: Cannot use UDF

Hi Niekie,

Thanks for the information. I have sucessfully registered my new key as U2F in Chrome and now it pass the test.

I have a old NEO(not supporting u2F) and I wanted to get ridof it, that's why I have purchased this expensive oneinstead the blue U2F cheaper one. I'm confortable with command line. In fact I have developed a small test applet that I have running on my CCID enabled old key (https://github.com/msesma/HelloJc)

So, could you point me to the command line instructions to enable OTP and U2F at the same time? Do you know why if it is currently possible, Yubico doesn't support it yet?

Thanks a lot.

Author:  niekie [ Sat Nov 01, 2014 4:35 pm ]
Post subject:  Re: Cannot use UDF

Hello msesma,

More information on setting the Yubikey to U2F+CCID+OTP mode is available in this post: http://forum.yubico.com/viewtopic.php?f=26&t=1519#p5873

Basically, you need to put the Yubikey in mode 6 using the ykpersonalize tool.

EDIT: To answer the second part of your question... this mode was currently disabled as there was no U2F client support available for a Yubikey which was in all three modes yet at the point this NEO manager was released. To prevent users from putting their device in a unusable mode. Support for U2F+OTP(+CCID) mode is available starting from Chrome version 39.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/